kernel security and bug fix update

[2.6.32-504.12.2]

• [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
  [2.6.32-504.12.1]
• [fs] splice: perform generic write checks (Eric Sandeen) [1163798 1155900] {CVE-2014-7822}
  [2.6.32-504.11.1]
• [virt] kvm: excessive pages un-pinning in kvm_iommu_map error path (Jacob Tanenbaum) [1156520 1156521] {CVE-2014-8369}
• [x86] crypto: Add support for 192 & 256 bit keys to AESNI RFC4106 (Jarod Wilson) [1184332 1176211]
• [block] nvme: Clear QUEUE_FLAG_STACKABLE (David Milburn) [1180555 1155715]
• [net] netfilter: conntrack: disable generic tracking for known protocols (Daniel Borkmann) [1182071 1114697] {CVE-2014-8160}
• [xen] pvhvm: Fix vcpu hotplugging hanging (Vitaly Kuznetsov) [1179343 1164278]
• [xen] pvhvm: Don’t point per_cpu(xen_vpcu, 33 and larger) to shared_info (Vitaly Kuznetsov) [1179343 1164278]
• [xen] enable PVHVM VCPU placement when using more than 32 CPUs (Vitaly Kuznetsov) [1179343 1164278]
• [xen] support large numbers of CPUs with vcpu info placement (Vitaly Kuznetsov) [1179343 1164278]
  [2.6.32-504.10.1]
• [netdrv] tg3: Change nvram command timeout value to 50ms (Ivan Vecera) [1182903 1176230]
  [2.6.32-504.9.1]
• [net] ipv6: increase ip6_rt_max_size to 16384 (Hannes Frederic Sowa) [1177581 1112946]
• [net] ipv6: don’t set DST_NOCOUNT for remotely added routes (Hannes Frederic Sowa) [1177581 1112946]
• [net] ipv6: don’t count addrconf generated routes against gc limit (Hannes Frederic Sowa) [1177581 1112946]
• [net] ipv6: Don’t put artificial limit on routing table size (Hannes Frederic Sowa) [1177581 1112946]
• [scsi] bnx2fc: fix tgt spinlock locking (Maurizio Lombardi) [1179098 1079656]